[clamav-users] Goldeneye ransomware

2016-12-08 Thread Matteo Dessalvi
Hi all. In the last couple of days our Human Resources have received a bunch of email with this kind of ransomware attached (as Excel file) and ClamAV was unfortunately unable to stop it. Anybody stumbled upon it recently? If yes, did you create your own signature for it? I have just submitted

Re: [clamav-users] Goldeneye ransomware

2016-12-08 Thread Michael D. L.
ClamAV doesn't detect/protect against malware by default. You need to add third-party databases like http://sanesecurity.com/ Works really well for me. Cheers. On 12/08/2016 05:53 PM, Matteo Dessalvi wrote: Hi all. In the last couple of days our Human Resources have received a bunch of emai

[clamav-users] Win.Trojan.URLspoof-2 trigger source?

2016-12-08 Thread Jay Gattuso
I have a long-running recurring issue that I'd appreciate any help with. We have an automated ingest routine that runs any-old-binary through ClamAV. The sources of files are all over, and I've observed files that come in via a web harvesting tool result in a particular malware warning. The file type

Re: [clamav-users] Goldeneye ransomware

2016-12-08 Thread Jack
In addition to SaneSecurity, here is another third-party repo of sigs (updated often) that catches these docs: https://github.com/wmetcalf/clam-punch/blob/master/miscreantpunch099.ldb Please feel free to reach out with a

Re: [clamav-users] Win.Trojan.URLspoof-2 trigger source?

2016-12-08 Thread Al Varnell
On Thu, Dec 08, 2016 at 10:17 AM, Jay Gattuso wrote: > > (1)What's the signature trigger for Win.Trojan.URLspoof-2? You can find any current signature using or $ sigtool --find Win.Trojan.URLspoof-2 | sigtool --decode-sigs VIRUS NAME: Wi

Re: [clamav-users] Goldeneye ransomware

2016-12-08 Thread Steve basford
On 8 December 2016 20:39:49 Jack wrote: In addition to SaneSecurity, here is another third-party repo of sigs (updated often) that catches these docs: They are available on the to use on the download script already I seem to remember. I've high fps with them and had clamd crash out when

Re: [clamav-users] Goldeneye ransomware

2016-12-08 Thread Steve basford
Hi... this is detected with Badmacro.ndb. On 8 December 2016 16:54:26 Matteo Dessalvi wrote: I also ran a quick analysis on Malwr: https://malwr.com/analysis/Y2VhYWNjZTk3NWFhNGRhMDg5OWYwY2E5MzdjNDA2M2I/ Best regards, Matteo